Facebook Slapped with €1.2m Fine for Breaching Privacy Laws in Spain

The data collection techniques employed by Facebook have
long been the subject of controversial debate as concerns continue to arise
regarding their storage and use of said data. Now, their data-harvesting
activities have landed them in hot water once again as the Spanish data
protection authority, known as the AEPD, have issued some substantial fines
against the social media giant in response to recent investigations which
uncovered multiple breaches of privacy laws.

The AEPD’s investigation into Facebook’s handling of user
data reportedly identified three serious infringements, with one of the three
being particularly severe. In response, the authority has issued Facebook with sanctions
totalling €1.2million, broken down to €300,000 for each of the two lesser
charges and a €600,000 fine for the more-substantial breach.

The data collection techniques employed by Facebook gather a
wealth of information relating to a user’s ideology, sex, religious beliefs,
personal tastes, and online navigation. This takes place both directly via an
individual user’s use of Facebook services, or indirectly via third party
pages. The AEPD argue that this takes place without “clearly informing the user
about the use and purpose”. It is this lack of transparency that led to one of
the supposed breaches of privacy laws, as not obtaining express consent of
users to process sensitive personal data is classified as a very serious
offense under local data protection laws.

Facebook are also in trouble over their use of browser
cookies, as the regulator asserts that users are not informed when browsing
non-Facebook sites that incorporate their ‘like’ button that their information
will be processed through the use of such cookies.

“This situation also occurs when users are not members of
the social network but have ever visited one of its pages, as well as when
users who are registered on Facebook browse through third party pages, even
without logging on to Facebook. In these cases, the platform adds the
information collected in said pages to the one associated with your account in
the social network. Therefore, the AEPD considers that the information provided
by Facebook to users does not comply with data protection regulations,” the
AEPD noted.

The final breach relates to the social media company’s use
of harvested data once its intended use has been fulfilled, specifically the
fact that said data is retained rather than deleted. Worryingly, this was found
to be true even when the company had received a specific request from the user
to delete their data.

The AEPD said of the issue, “Regarding data retention, when
a social network user has deleted his account and requests the deletion of the
information, Facebook captures and treats information for more than 17 months
through a deleted account cookie. Therefore, the AEPD considers that the
personal data of the users are not cancelled in full or when they are no longer
useful for the purpose for which they were collected or when the user
explicitly requests their removal, according to the requirements of the LOPD
[local data protection law], which represents a serious infringement.”

The investigations being carried out by the AEPD and various
other data protection authorities throughout Europe began following changes to
Facebook’s terms and conditions in 2015. The privacy policy used by Facebook is
deemed to contain “generic and unclear terms”, with the AEPD asserting that a
user of the platform “with an average knowledge of the new technologies does
not become aware of the collection of data, nor of their storage and subsequent
treatment, nor of what they will be used”. This seems to be the root of much of
Facebook’s legal troubles.

Facebook have since issued a statement in which they make
known their intention to dispute the decision, all while falling back on their
old defence relating to the location of their Ireland HQ and the subsequent
laws to which they should abide. Their statement read as follows:

“We take note of the DPA’s decision with which we
respectfully disagree. Whilst we value the opportunities we’ve had to engage
with the DPA to reinforce how seriously we take the privacy of people who use
Facebook, we intend to appeal this decision. As we made clear to the DPA, users
choose which information they want to add to their profile and share with
others, such as their religion. However, we do not use this information to
target adverts to people.

“Facebook has long complied with EU data protection law
through our establishment in Ireland. We remain open to continuing to discuss
these issues with the DPA, whilst we work with our lead regulator the Irish
Data Protection Commissioner as we prepare for the EU’s new data protection regulation
in 2018.”

While the fines may seem substantial to most, to a company
on the scale of Facebook who turn over ridiculous figures each year, the
monetary expense will hardly be noticed. Facebook’s decision to appeal
therefore is more to do with their reputation and users’ perception of the
company, as they would not want to be seen as compromising the privacy of their
sizeable user-base. Money is not really an issue for the social media giant,
but if users start leaving the site due to such concerns, every part of the
business will suffer.

About Social Songbird

Keeping you up to date on social media, digital marketing, apps, news & reviews.
Social media, and digital marketing as a whole, are rapidly and constantly changing, adapting to new developments at an ever increasing rate. Just keeping up to date can be a nightmare.
Our team of writers know their field, and keep an ear to the ground. We aim to keep you informed of all recent developments in the online world, and teach you a little something along the way.
So whether you just want to stay connected, or gain some knowledge for yourself, the Social Songbird will keep on singing!
More articles are posted every day so keep checking back!
Join the discussion on Twitter - #SocialSongbird
Or contact us directly - @SongbirdWriters

For many who perhaps are enthralled in a series eagerly awaiting the latest episode or hooked on a sporting season desperate to see tha...

Meet The Team

Sam Bonson - Editor/Content Writer

Sam is an aspiring novelist with a passion for fantasy and crime thrillers. Currently working as Editor of Social Songbird, he hopes to one day drop that 'aspiring' prefix. Follow him @Songbird_Sam

Mili Ponce - Executive Editor

Mili Ponce is a recognised international Digital Marketing strategist and keynote speaker.
Known in the UK as the Twitter Queen for the last 9 years, she was the first one, to write and speak in conference about how to create an online business and promote any products and services by using Twitter.
She gives training and consultancy to Corporate Companies, Government Organizations, Marketing Managers, Business Owners and Individuals @miliponceuk

Sarah Cousins - Contributor

I write about ideas. My background is in strategic marketing, PR, social media and project management, my future is in ideas. I’m professionally qualified with the Chartered Institute of Marketing, holding a postgraduate diploma in strategic marketing. After working for the BBC I spent a lot of time in the education sector. I’ve flirted with freelance work and consultancy but the BIG thing I’ve noticed is that people want practical results (ridiculously fast). I help boutique business owners and online entrepreneurs. One powerful idea can change your world, last a lifetime or even create a legacy. You can find me on Twitter @The_Ideas_Girl

Victoria Greene - Contributor

Victoria Greene is an e-commerce marketing expert and freelance writer who derives an unusual level of enjoyment from browsing supermarkets. You can read more of her work at her blog Victoria Ecommerce